You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Register a free account to unlock additional features at BleepingComputer.com

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Multiple pc infection, suspected xe.vbs

Hello, I am a medical student from italy. Thank you so much for the useful helping tools and support provided on this forum! I am experiencing issues (slow data processing, usb keys infection...) with a computer I am using here at my hospital (CCU). As well trained as they should be the vast majority of doctors seem to ignore the basic rules of computer protection/usage.

The computer in object contains important data, so I am trying to be as cautious as possibile in my attempt to fix it. Any help will be much appreciated. Here's the DDS and Attach files..

Yes, there is patient data stored in the computer, mostly under the form of excel databases. I have tried to backup most of it. This is a "workhorse" computer used mostl by students. I have received my boss's authorization to operate the computer with potentially harmful antivirus programs (Combofix).

Thank you again. Here's the logs. There could be a problem though: I had already performed a TDSS scan and quarantined two files a day ago. I also got a download error (AVAST engine download error:407)

when trying to download avast. I do not know whether or not it caused by the proxy of the hospital but i can not seem to be able to download any antivirus (I have tried avira, avast and avg). I am not able to download the MBAM's updates as well.

I remember I had performed a "normal" scan with no additional options checked, and it returned no threats. After that I checked the two additional options "verify file digital signature" and "detect TDLFS file system" and it found two threats.

Here's the first log.The file was too big so I had to split it. Thank you.

I am sorry, I just realized I did not disable windows defender before running combofix. Another problem is I can run a malwarebyte scan (I already did, found and removed 20 threats...can not find the old log as I uninstalled and then reinstalled MBAm trying to fix an the update problem ) but MBAM will not update reporting error 404, resulting outdated by 231 days. I will proceed as indicated.

Here is the Script-Combofix Log. I had to restore the system to the restore point Combofix created since after the second run the internet connection stopped working and I was not able to fix it. Here is the second log.